{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31790","assignerOrgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","state":"PUBLISHED","assignerShortName":"openssl","dateReserved":"2026-03-09T15:56:53.191Z","datePublished":"2026-04-07T22:00:56.698Z","dateUpdated":"2026-05-12T12:09:06.208Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"OpenSSL","vendor":"OpenSSL","versions":[{"lessThan":"3.6.2","status":"affected","version":"3.6.0","versionType":"semver"},{"lessThan":"3.5.6","status":"affected","version":"3.5.0","versionType":"semver"},{"lessThan":"3.4.5","status":"affected","version":"3.4.0","versionType":"semver"},{"lessThan":"3.3.7","status":"affected","version":"3.3.0","versionType":"semver"},{"lessThan":"3.0.20","status":"affected","version":"3.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"Simo Sorce (Red Hat)"},{"lang":"en","type":"remediation developer","value":"Nikola Pajkovsky"}],"datePublic":"2026-04-07T14:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Issue summary: Applications using RSASVE key encapsulation to establish<br>a secret encryption key can send contents of an uninitialized memory buffer to<br>a malicious peer.<br><br>Impact summary: The uninitialized buffer might contain sensitive data from the<br>previous execution of the application process which leads to sensitive data<br>leakage to an attacker.<br><br>RSA_public_encrypt() returns the number of bytes written on success and -1<br>on error. The affected code tests only whether the return value is non-zero.<br>As a result, if RSA encryption fails, encapsulation can still return success to<br>the caller, set the output lengths, and leave the caller to use the contents of<br>the ciphertext buffer as if a valid KEM ciphertext had been produced.<br><br>If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an<br>attacker-supplied invalid RSA public key without first validating that key,<br>then this may cause stale or uninitialized contents of the caller-provided<br>ciphertext buffer to be disclosed to the attacker in place of the KEM<br>ciphertext.<br><br>As a workaround calling EVP_PKEY_public_check() or<br>EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate<br>the issue.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."}],"value":"Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."}],"metrics":[{"format":"other","other":{"content":{"text":"Moderate"},"type":"https://openssl-library.org/policies/general/security-policy/"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl","dateUpdated":"2026-04-07T22:00:56.698Z"},"references":[{"name":"OpenSSL Advisory","tags":["vendor-advisory"],"url":"https://openssl-library.org/news/secadv/20260407.txt"},{"name":"3.6.2 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482"},{"name":"3.5.6 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac"},{"name":"3.4.5 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790"},{"name":"3.3.7 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406"},{"name":"3.0.20 git commit","tags":["patch"],"url":"https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e"}],"source":{"discovery":"UNKNOWN"},"title":"Incorrect Failure Handling in RSA KEM RSASVE Encapsulation","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-04-08T14:32:04.700201Z","id":"CVE-2026-31790","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-08T14:32:37.439Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T12:09:06.208Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC CN 4100","versions":[{"status":"affected","version":"0","lessThan":"V5.0","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"}]}]}}